Oops, I forgot to add the error attachment:
http://www.nabble.com/file/p18292063/appfuse-access-denied-error.rar

Also a minor correction: the strange nested access denied error comes only
when I access a URL like http://<domain>/admin/editUser.html?id=-2, i.e. an
editUser action, with query parameters, using a non-admin user and wrongly
adding an admin namespace..!! :confused:


ChrisSleeman wrote:
> 
> I am sorry - I was not quite clear with my query....
> 
> I understand that the editUser action is secured and only an admin user
> can access it.  The edit user action is, btw, in the default package and
> not admin package, but has an admin-check interceptor. So I need to access
> it with http://your.domain.com/editUser.html, using an admin user.
> However, even if I use http://your.domain.com/admin/editUser.html, with
> the admin namespace, I am able to access it, although I was expecting a
> "page not found error". Why is this happening?
> 
> Also, if a non-admin user tries to access
> http://your.domain.com/admin/editUser.html, with the admin namespace, I
> get a strange access denied error embedded inside another access denied
> error (Have attached an image). Also wondering why that is happening. I
> understand it's not a major issue, but was just curious to understand the
> cause for this behaviour.
> 
> Thanks,
> Chris
> 
> 
> 
> alibehzadian wrote:
>> 
>> Hi Chris,
>> 
>> "editUser" action is inside admin package (struts.xml). All actions in
>> this package have "admin" prefix. So
>> the exact URL of "editUser" action is
>> "http://your.domain.com/admin/editUser.html?...".
>> 
>> All actions are -by default- secure. So you cannot access any action
>> without logging into the application.
>> If you want to have a public action (an action that guest users can
>> access), you should go to security.xml file and add your action there and
>> make it available to ROLE_ANONYMOUS as below:
>> 
>> ...
>> <intercept-url pattern="/index.html*"
>> access="ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER"/>
>> ...
>> 
>> Ali Behzadian Nejad.
>> 
> 
> 

-- 
View this message in context: 
http://www.nabble.com/Appfuse-Access-denied-error-tp18284246s2369p18292063.html
Sent from the AppFuse - User mailing list archive at Nabble.com.

